Balancing the security vs efficiency dilemma for your ‘new normal’

Many management and IT teams have done an amazing job over the last few months, completely changing their working environments to shift most, if not all, of their staff ‘offsite’ in such a tight timeframe. Completing in a matter of weeks or months a project that would usually be given many more months, if not years, to plan and carry out safely and effectively is a great achievement, but at what cost?

Have we left major security gaps that can be exploited by hackers? Or have we locked our doors so tight, our staff are struggling to work effectively?

Finding the right balance between security and efficiency can be challenging, especially when under immense time pressures. Now the dust is beginning to settle, what can your organisation do to review and adjust your remote team connectivity to deliver on both levels?

Securing the remote environment

Cyber security has been a hot topic over the last few years due to the ever-increasing and high-profile attacks seen on numerous major and international organisations. The introduction of new or enhanced data protection laws such as the New Zealand Privacy Act, the EU GDPR and, more recently within the Middle East, country regulations such as the Bahrain Personal Data Protection Law (PDPL) has only sharpened the focus on properly securing our systems and data.

We successfully locked our doors and secured ourselves, then Covid-19 came, forcing us out from behind our carefully built layers of security and into a more dynamic working landscape. We now need to work out how to safely open things back up again to allow our teams access to our data from outside our internal networks.

For a lot of our clients, remote working was already something on the agenda, and some had even set it up for key employees or senior management, but most had not finalised an effective strategy to roll out organisation wide on the scale that the current crisis has required.

Most IT departments have worked tirelessly over the last few months to implement their remote working strategies and in turn most organisations are now rightfully feeling very proud of themselves and the speed in which they have adapted their operating environment. But that does not mean the job is even close to done.

  • How many of these changes have been properly tested to ensure airtight security?

  • How long can you be comfortable just hoping no hacker notices the gaps before your team can patch them up?

  • How many staff are using old laptops they already had at home, which very likely have some sort of previous malware embedded somewhere?

  • How many staff are on home Wi-Fi networks which may have been compromised long before the start of this pandemic?

  • How many staff or managers are reading or printing confidential company information and data in an unsecured environment which is open to visitors and potential prying eyes?

This is just the start of a very long list of security questions which may reveal serious compromises within your current infrastructure. My hope is that most IT teams will have already addressed most, if not all, of these obvious problems, but if you have not, then now is definitely the time to clean up your systems, before someone else notices!

Balancing Security and Efficiency

Implementing secure remote access comes with its own set of usability problems: it can often take forever for a member of staff to get into the system, with layer after layer of passwords and links before even accessing emails. Or once you have logged in to your emails, you can’t just jump online to check something on Google, because your VPN is blocking access to anything outside of your internal network. All of this creates a very secure environment, but not a particularly productive one.

That’s not to say there aren’t a number of good technical solutions out there that allow both very tight security and efficient ways to navigate through it. I just don’t know many organisations that have been able to secure enough budget or had enough time to implement them yet.

How can you improve?

Before we accept anything as the ‘new normal’, or use any of our current practices as a roadmap for long term success, now is a critical time for an organisation to take a deep, long look at everything they have done recently and ask a few questions:

  • Are our systems and endpoints truly secure?

  • Are our people able to work within our systems as effectively as they were from the office?

  • Are our people truly happy with the current setup?

And if the answer to any of the above is no:

  • What can we do to make it better?

This may come across as all too easy, but the process of gathering the right information to answer these questions effectively should not be taken lightly. You will need to spend serious time and effort engaging the whole business and digging into everything that has happened over the last few months, alongside any existing structures and procedures, and figuring out exactly how it will all best fit together going forward to ensure both organisational effectiveness and long-term resilience.

If you would like help assessing your current environment or planning your next steps, then why not download our Free Standby Consulting Lessons Learnt questionnaire here or contact one of our team to discuss how else we may be able to help.

About Standby Consulting

Standby Consulting are specialists in organisational resilience based out of New Zealand and the Middle East with a presence in Bahrain, UAE and Saudi Arabia. With a wide range of experience across most business sectors, Standby is here to support your organisation in the development and implementation of your critical Business Continuity, Disaster Recovery and other resilience activities. We help our clients and partners by offering independent, honest, and experienced advice to ensure that all of your bespoke resilience needs can be met in a timely and cost-effective manner.

Kidnapped! - the catastrophic cost of ransomware

The changing working landscape has made businesses more vulnerable to ransomware attacks. The threat of cyber breach events is very real and, as more businesses are finding out, can come with catastrophic costs. 

Protection from Ransomware Attacks

Back on 17 March 2020 we published a blog warning about cyber security risks for businesses with people working from home. Unfortunately, this prediction has turned out to be true, with several reports over the last couple of months of ransomware taking businesses “down”. There is a high probability that this ransomware got through via an insecure personal computer belonging to someone working at home, or via a new remote connection which was implemented in haste, without enough time to carry out the stringent security checks and testing periods usually required before implementing any new channels or endpoints.

What does Ransomware do when it gets in?

Ransomware can be a particularly devastating attack on computer systems. It is quite aggressive and, when well designed, it looks for a whole series of common file extensions and corrupts them all. The number of file types it will look for and eventually encrypt can be close to 90. Although not all of the files may be affected, enough will be encrypted to make it almost impossible to decrypt and recover from. The software is designed so that it quietly encrypts all the files it can find in the background before anyone notices. The first indication will likely be that an application stops operating. If the computer is on a corporate network, the ransomware can work its way down the network to basically any computer it can find, even corrupting your backups if they are online, and then finally encrypting the files listed on your desktop, which is often the first sign for many businesses that they have a major problem. By then, it is too late to do anything.

Can files be recovered without paying the ransom?

Recovering from this is extremely difficult. It can take days or weeks to work out how the files have been encrypted and then establish what the encryption key is. 

If you wish to recover using your backup files, you basically have to do what is known in the industry as a “cold steel” rebuild. That is, totally wipe all the data off your computers or servers and storage disks and then rebuild from a backup that does not already have the ransomware on it. Some versions of ransomware can be on your computers for several days or weeks before they are activated, so going back to the latest backup may not work.

The problem with most corporate organisations these days is that the backups are normally on disk and these disks are online, so they also get corrupted. Similarly, for those organisations replicating backup data to a remote location, there is a high probability that the ransomware will make it through to those distant backups and corrupt them as well.

It is at this point in a ransomware attack that your IT group go a sickly shade of white and need to rush off to the bathroom, as they realise first that their online backups are useless and second that it is going to take them a long time to restore your data. We’re talking weeks at the very least, which is something that most businesses cannot afford.

If you do not have off-site/offline backups they may never be able to rebuild your data. 

Changes in the industry to fight ransomware crime

The software and hardware industries are not sitting on their hands, but are in fact working hard to address the exposure to such attacks. The following are some of the solutions that are coming through:

Data Backup Software that recognises a Ransomware attack

For backup tapes, there are products that use Artificial Intelligence (AI) to detect attempts to encrypt files. The product maps your normal file encryption via AI and as soon as it detects an attack it disconnects from the network and then restores the damaged files. 

Replication of Data Protection

For replication there are now products that have inbuilt ransomware protection to stop the software getting to the remote location. This is a relatively new feature of some of the replication software and it would pay to check if the latest version you have provides ransomware protection.

Desktop Malware Protection

For home computers and also business protection, there are products that have ransomware protection and remediation of files built in. These are not the common malware protection products or the free products many choose to rely on. It will cost you a little more for the right protection, but it is far cheaper than dealing with the costs to your business of an actual attack.

What can you do to increase your protection?

The most important action you can take right now is to take your backups offline after completion. If your business is using tape backups or USB disk backups, then you should have a policy of removing them from your system when the backup is finished. This creates what is known as an “air-gap” so that the malicious software cannot get to your backups. Make sure that those backups include the rebuild files for the hardware and operating systems. This can be a little old-school but it is better than nothing.

Other things you can do include:

  • Ensure your personnel are aware of the dangers of opening files and programmes that are from people they do not know. 

  • Ensure all devices your team are working from remotely are secure, with robust anti-virus software that includes firewalls and malware protection, and keep it up to date.

  • Route the connectivity path from your office systems to the remote location through a secure VPN with Two Factor Authentication.

  • Review security for home internet connectivity; in particular, change the default password on the routers and other devices.

  • Ring-fence sensitive systems and data from extended network activity where possible.

  • Provide dedicated devices to remote team members instead of allowing access from home computers or other shared devices.

  • Block the use of USB ports on computers used for company work.

  • Step up or refresh team training around security protocols and best practice.

  • Get expert advice from a professional cyber security consultant.

Establishing the risks and impact of a Major IT Outage

Organisations need to understand the level of risk and impact of a cyber-attack as with any other major IT outage. A cyber-attack can have the same disastrous impact as a major natural disaster; in fact, it can be more damaging, as it takes out a business’s reputation along with its ability to function. Cyber-attacks happen very fast, so organisations need to be prepared to respond to them just as quickly. This includes having roles and response plans defined for key personnel, and internal and external communication plans including media statements and scripts for call centres. Most importantly, the response plan needs to be embedded and practised via cyber breach training exercises.

How can Standby Consulting help?

Standby Consulting are specialists in resilience. Our cyber security management offerings include cyber governance and breach response planning, as well as training and embedding exercises for staff at all levels. 

If a face-to-face tabletop exercise is not really possible in the current climate, then we offer an online facilitator-led Cyber Hacking Exercise. You and other key members of your crisis response team can work together through a realistic cyber-attack, managing any impacts via a simulated virtual desktop where you can chat with each other and other stakeholders, check emails, track the market impacts, make critical decisions and more. Bring your key people together to develop both your skills and processes for managing a cyber breach.

Contact us for more information about our online cyber response exercise and other cyber security management offerings.